• United States



What is the Cost of a Breach?

Oct 24, 20174 mins
Data BreachInternetNetwork Security

What is the Cost of a Breach?

By Charles Cooper

The odds that your organization will suffer a data breach are not just higher than ever. They are more expensive than ever.

A recent report from Kaspersky Lab and B2B International, for instance, estimates that the full impact of a data breach now amounts to $1.3 million for large companies in the U.S., compared with $1.2 million in 2016.

A report conducted by the Ponemon Institute, whose recent annual survey took a more global look, found a 27.7% likelihood of a company sustaining a recurring material data breach over the next couple of years

Ponemon’s report, which surveyed 419 companies in 13 regions around the world, also offered new insight into the extent of the financial havoc that malicious hackers inflict on their victims. Consider these revealing data points:

  • Although the average total cost of a data breach fell 10% to $3.62 million this year, the average size of a data breach has inched up 1.8%to 24,089 records.
  • The survey found a 2.1% increase in the likelihood of a recurring material data breach.
  • In addition, Ponemon reported, more organizations worldwide have lost customers in the aftermath of suffering data breaches.

Clearly, there are any number of direct and indirect costs — ranging from legal fees to lost customer records to employee and company downtime — that your organization will be forced to absorb following a data breach. How much you’ll wind up paying will vary according to industry, geography and the size of the data loss. But when it comes to tallying up the final tab, here’s what will loom large in shaping the calculation:

Breach Containment  Response time means everything. The Ponemon report found a clear link between how long it took to identify and contain a data breach and the final cost to the organization. On average, breach containments that take more than 30 days cost about $1 million more than those that take less than 30 days.

Location, Location, Location  Where you set up shop matters. The average per capita cost of a data breach in the U.S., and Canada was the highest among the surveyed nations at $225 and $190, respectively. On the opposite end of the spectrum, the least expensive regions were in Brazil and India at $79 and $64, respectively.  

Breach Costs Vary by Industry  While the average global cost of a data breach per lost or stolen record was $141, some industries get hit harder than others. For instance, health care organizations ranked No. 1, incurring an average cost of $380. The other top targets were financial services at $245 and media at $119. By contrast, the public sector had the lowest average cost per lost or stolen record at $71.

Victory in Our Time?                                                                                     

But let’s finish on a more optimistic note. Organizations that draw up incident response plans will be able to more quickly identify what’s happened, what the attacker has access to, and how to contain and remove that access. Indeed, there’s modest progress to report; according to Ponemon, the number of days companies needed to identify data breaches fell from an average of approximately 201 last year to 191 days. Also, the average number of days it took to contain data breaches dropped from 70 to 66 days.

Look at it another way: While data breaches are becoming more widespread, organizations can help their cause by preparing their cyberdefenses for the inevitable. So, when an attack finally comes, they will be in a far better position to limit the resulting expenses to just another cost of doing business.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.

Be one of the first to receive the latest AT&T Cybersecurity Insights report, Mind the Gap: Cybersecurity’s Big Disconnect. You’ll learn more about minimizing gaps in your cybersecurity strategy and how to defend against the growing cyberthreats. Sign up today!